<?php
class User
{
	static function login($username, $password, $remind){
		$db = new DB();
		$time = time();
		$ip = IP::get();
		$c_salt = rand(100000,999999);
		
		//检验账户是否锁定
		$locked_sql = 'select id,locked,salt from users where username="'.$username.'" limit 1';
		$locked_rs = $db->query($locked_sql)->getOne();
		if( $locked_rs['id'] < 1 || $locked_rs['locked'] != 1 ){
			$status = 2;//账户无权登录或被锁定，前台提示：用户名或密码错误
		}else{
			//远程校验
			$url = 'http://bbs.zgqw.com/extends/auth.php?key=DH39FHiSp&username='.urlencode($username).'&password='.md5($password);
			$rs_josn = Curls :: get($url);
			if( $rs_josn != '' ){
				$rs = json_decode($rs_josn, true);
				
				if( $rs['uid'] < 1 || strlen($rs['username']) < 2 ){
					$status = 2;//用户名或密码错误
				}else{
					$status = 1;//登录成功
					
					$uid = $rs['uid'];
					//更新本地密码等信息
					$user_data = array('uid'=>$uid,'password'=>md5($password.$rs['salt']),'email'=>$rs['email'],'salt'=>$rs['salt'],'c_salt'=>$c_salt,'lastlogin'=>$time,'lastip'=>$ip,'updated'=>$time);
					$db->table('users')->where('id='.$locked_rs['id'])->update($user_data)->run();
				}
			}else{
				//本地校验
				$users_sql = 'select id,uid from users where username="'.$username.'" and password="'.md5($password.$locked_rs['salt']).'" limit 1';
				$users_rs = $db->query($users_sql)->getOne();
				if( $users_rs['id'] < 0 ){
					$status = 2;//用户名或密码错误
				}else{
					$status = 1;//登录成功
					$uid = $users_rs['uid'];
					//更新本次登录信息
					$user_data = array('c_salt'=>$c_salt,'lastlogin'=>$time,'lastip'=>$ip,'updated'=>$time);
					$db->table('users')->where('id='.$locked_rs['id'])->update($user_data)->run();
				}
			}
		}
		
		//记录日志
		$data = array('username'=>$username,'password'=>h($password),'status'=>$status,'ip'=>$ip,'created'=>$time);
		$db->table('logs_login')->insert($data)->run();
		
		if( $status === 1 ){
			//查找用户组
			$group_sql = 'select a.groupid,b.name from users as a JOIN users_group as b ON (a.groupid = b.id) WHERE a.uid = '.$uid.' limit 1';
			$group_rs = $db->query($group_sql)->getOne();

			//设置session
			$login_session = array('username'=>$username,'uid'=>$uid,'groupid'=>$group_rs['groupid'],'groupname'=>$group_rs['name']);
			Sessions::set($login_session);
			
			//选择了记录密码
			if( $remind == 2 ){
				$cookie = new Cookies();
				$login_cookie = array('c_username'=>$username,'c_password'=>md5($password),'c_salt'=>$c_salt);
				$cookie->set($login_cookie);
				Sessions::set($login_cookie);
			}
			
			return true;
		}else{
			return false;
		}
	}
	
	//使用cookie登录
	static function cookie_login($c_username, $c_password, $c_salt){
		$db = new DB();
		$time = time();
		$ip = IP::get();
		
		//检验账户合法性
		$locked_sql = 'select id,locked,c_salt from users where username="'.$c_username.'" limit 1';
		$locked_rs = $db->query($locked_sql)->getOne();
		if( $locked_rs['id'] > 0 && $locked_rs['locked'] == 1 ){
			//检测随机数有效性
			if( $c_salt == $locked_rs['c_salt'] ){
				//远程校验密码，防止密码已经修改
				$url = 'http://bbs.zgqw.com/extends/auth.php?key=DH39FHiSp&username='.urlencode($c_username).'&password='.$c_password;
				$rs_josn = Curls :: get($url);
				if( $rs_josn != '' ){
					$rs = json_decode($rs_josn, true);
					if( $rs['uid'] > 0 && strlen($rs['username']) > 2 ){//登录成功
						$uid = $rs['uid'];
						$c_salt = rand(100000,999999);
						
						//更新本地信息
						$user_data = array('c_salt'=>$c_salt,'lastlogin'=>$time,'lastip'=>$ip,'updated'=>$time);
						$db->table('users')->where('id='.$locked_rs['id'])->update($user_data)->run();
						
						//查找用户组
						$group_sql = 'select a.groupid,b.name from users as a JOIN users_group as b ON (a.groupid = b.id) WHERE a.uid = '.$uid.' limit 1';
						$group_rs = $db->query($group_sql)->getOne();

						//设置session
						$login_session = array('username'=>$c_username,'uid'=>$uid,'groupid'=>$group_rs['groupid'],'groupname'=>$group_rs['name']);
						Sessions::set($login_session);
						
						//更新cookie
						$cookie = new Cookies();
						$login_cookie = array('c_username'=>$c_username,'c_password'=>$c_password,'c_salt'=>$c_salt);
						$cookie->set($login_cookie);
						Sessions::set($login_cookie);
						
						//记录日志
						$data = array('username'=>$c_username,'password'=>$c_password,'status'=>1,'ip'=>$ip,'created'=>$time);
						$db->table('logs_login')->insert($data)->run();
		
						return false;
					}
				}
			}
		}
	}
	
	//更新
	static function update($data, $uid=0){
		if( $uid < 1 ){
			$uid = Sessions::get('uid');
		}
		
		if( is_array($data) ){
			$user_db = new DB();
			$user_db->table('users')->where('uid='.$uid)->update($data)->run();
			return true;
		}else{
			return false;
		}
	}
}